  • 服务器初始化

    安装tab提示

    # Tab-completion support for bash.
    sudo yum install -y bash-completion
    # CentOS 7 only: the extra completions ship in a separate package.
    sudo yum install -y bash-completion-extras

    # Load the completion definitions into the current shell right away.
    . /etc/profile.d/bash_completion.sh
    

    防火墙配置

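    # Start firewalld now and have it start on every boot.
    sudo systemctl start firewalld.service
    sudo systemctl enable firewalld.service

    # Set the default zone.
    sudo firewall-cmd --set-default-zone=public

    # Block the listed ICMP types. --permanent only edits the stored
    # configuration; the rules become active at the reload below.
    # NOTE(review): besides ping (echo-request/echo-reply) this list holds ICMP
    # error types (destination-unreachable, time-exceeded, parameter-problem).
    # Confirm after the reload that path-MTU discovery and traceroute-style
    # diagnostics still behave as this host needs.
    for tyicmp in destination-unreachable echo-request echo-reply parameter-problem redirect router-advertisement router-solicitation source-quench time-exceeded; do
        # Quoted so the value is always passed as one argument.
        sudo firewall-cmd --permanent --add-icmp-block="${tyicmp}"
    done
    # Apply the permanent configuration to the running firewall.
    sudo firewall-cmd --reload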
    

    防ssh暴力破解配置

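    # Create the directory that holds the script.
    sudo mkdir -p /usr/local/feng/firewalld

    # Write the blocker script. The quoted 'EOF' keeps the current shell from
    # expanding anything inside the here-document.
    cat << 'EOF' | sudo tee /usr/local/feng/firewalld/firewall.deny
    #!/bin/bash
    # Count "Failed" entries per source address in the last 10000 lines of
    # /var/log/secure and add every address seen more than DEFINE times to the
    # permanent "drop" zone, unless it is already listed there.

    # Address that must never be blocked (the administrator's own IP).
    ALLOW_IP="113.87.181.158"
    # An address is blocked once it has more than this many failures.
    DEFINE="3"
    # Sources already in the drop zone, as printed by firewall-cmd.
    ExistIP=$(firewall-cmd --list-sources --zone=drop)

    # The counts are streamed straight into the loop. The earlier version wrote
    # them to the fixed path /tmp/black.txt; this script runs as root from cron
    # and /tmp is writable by every local user, so the file is avoided.
    tail -n 10000 /var/log/secure \
        | awk '/Failed/{print $(NF-3)}' \
        | sort | uniq -c \
        | while read -r NUM IP; do
            # The field comes from a log line, so accept only tokens made of
            # address characters (IPv4 or IPv6) before handing it to firewall-cmd.
            [[ "${IP}" =~ ^[0-9A-Fa-f:.]+$ ]] || continue
            # Exact comparison: a regex match would treat "." as a wildcard and
            # could also hit on the "=count" part of other entries.
            [[ "${IP}" == "${ALLOW_IP}" ]] && continue
            if [ "${NUM}" -gt "${DEFINE}" ]; then
                # Whole-entry, fixed-string match so 1.2.3.4 is not considered
                # present just because 11.2.3.45 is in the list.
                if ! printf '%s\n' "${ExistIP}" | tr ' ' '\n' | grep -qxF -- "${IP}"; then
                    firewall-cmd --zone=drop --permanent --add-source="${IP}"
                fi
            fi
        done
    # Activate the sources added above.
    firewall-cmd --reload
    EOF

    # Then run it once by hand. Entries are permanent and never expire, so
    # review `firewall-cmd --zone=drop --list-sources` from time to time.
    sudo bash /usr/local/feng/firewalld/firewall.deny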
    

    配置自动添加ip拦截

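    # Run the blocker as root at minute 30 of every hour. The entry is appended
    # only when it is not already in /etc/crontab, so repeating this step does
    # not schedule the job twice.
    cron_line='30 * * * * root bash /usr/local/feng/firewalld/firewall.deny'
    sudo grep -qxF -- "${cron_line}" /etc/crontab \
        || echo "${cron_line}" | sudo tee -a /etc/crontab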
    

    添加普通用户

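    username=feng
    sudoers_file=/etc/sudoers.d/my_user

    sudo useradd -m "${username}"

    # Set the password interactively. A fixed, guessable password written into
    # the setup steps ends up in shell history and on every server built from
    # them, and this account is given full sudo rights below.
    sudo passwd "${username}"

    # Build the sudoers entries in a scratch file (existing rules are kept),
    # check the syntax with visudo, and only then install the result with the
    # 0440 mode sudo expects. A broken file in /etc/sudoers.d can lock sudo.
    # NOTE(review): NOPASSWD:ALL for the user and for the %group makes this
    # account, and anything that can run as it, equivalent to root. Keep it
    # only if that is intended; otherwise drop "NOPASSWD:".
    sudoers_tmp=$(mktemp)
    {
        sudo cat "${sudoers_file}" 2>/dev/null   # absent on a fresh server
        printf '%s ALL=(ALL) NOPASSWD:ALL\n' "${username}" "%${username}"
    } > "${sudoers_tmp}"
    if sudo visudo -cf "${sudoers_tmp}"; then
        sudo install -o root -g root -m 0440 "${sudoers_tmp}" "${sudoers_file}"
    fi
    rm -f -- "${sudoers_tmp}"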
    

    安装Docker

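    # Configure the repository.
    sudo yum install -y yum-utils device-mapper-persistent-data lvm2
    # Fetch the repo definition over HTTPS: the .repo file decides where
    # packages and signing keys come from, so it should not travel in cleartext.
    sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    # sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

    # Install the latest Docker CE.
    sudo yum install docker-ce -y

    # Enable the service at boot and start it now.
    sudo systemctl enable docker
    sudo systemctl start docker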
    

    把普通用户加入Docker组

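    # Add the logged-in user to the docker group.
    # Members of this group can control the Docker daemon, which runs as root,
    # so membership should be granted as carefully as sudo access.
    sudo gpasswd -a "${USER}" docker
    # Pick up the new group membership (newgrp starts a new shell).
    newgrp docker
    # Check that the docker client can reach the daemon from this account.
    docker version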
    

    配置Docker镜像源及禁用iptables

    # Write /etc/docker/daemon.json: one registry mirror, and Docker's own
    # iptables management switched off.
    # With "iptables": false Docker adds no iptables rules itself, so NAT and
    # forwarding for containers and published ports have to be provided by the
    # host firewall (firewalld in this setup).
    sudo tee /etc/docker/daemon.json << 'EOF'
    {
       "registry-mirrors": [
           "https://mirror.ccs.tencentyun.com"
      ],
        "iptables": false
    }
    EOF

    # Restart Docker so the new configuration is read.
    sudo systemctl restart docker.service
    

    yum安装Nginx

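    # Install the nginx repository package, then nginx itself.
    # The release RPM is fetched over HTTPS: it defines the package source for
    # every later nginx install and update on this host.
    sudo rpm -Uvh https://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
    sudo yum install -y nginx
    # Start nginx now and enable it at boot.
    sudo systemctl start nginx
    sudo systemctl enable nginx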
    
  • 原文地址:https://www.cnblogs.com/testopsfeng/p/13923797.html